Scam of the Week: Equifax Phishing Attacks

You already know that a whopping 143 million Equifax records were compromised. The difference with this one is that a big-three credit bureau like Equifax tracks so much personal and sometimes confidential information like social security numbers, full names, addresses, birth dates, and even drivers licenses and credit card numbers for some.

It can be the difference between being able to buy a house or sometimes even get a job or not. This breach and the way they handled it, including the announcement, was what Brian Krebs rightfully called a dumpster fire.

The problem is that with this much personal information in the hands of the bad guys, highly targeted spear phishing attacks can be expected, and a variety of other related crime like full-on identity theft on a much larger scale.

These records are first going to be sold on the dark web to organized crime for premium prices, for immediate exploitation, sometimes by local gangs on the street. Shame on Equifax for this epic fail. They will be sued for billions of dollars for this web-app vulnerability.

So this Scam of the Week covers what is inevitable in the near future, we have not seen actual Equifax phishing attacks at this point yet, but you can expect them in the coming days and weeks because the bad guys are going to take their most efficient way to leverage this data… email.

I suggest you send the following to your employees, friends, and family. You’re welcome to copy, paste, and/or edit:

“Cyber criminals have stolen 143 million credit records in the recent hacking scandal at big-three credit bureau Equifax. At this point you have to assume that the bad guys have highly personal information that they can use to trick you. You need to watch out for the following things:

  • Phishing emails that claim to be from Equifax where you can check if your data was compromised
  • Phishing emails that claim there is a problem with a credit card, your credit record, or other personal financial information
  • Calls from scammers that claim they are from your bank or credit union
  • Fraudulent charges on any credit card because your identity was stolen

Here are 5 things you can do to prevent identity theft:

  • First sign up for credit monitoring (there are many companies providing that service including Equifax but we cannot recommend that)
  • Next freeze your credit files at the three major credit bureaus Equifax, Experian and TransUnion. Remember that generally it is not possible to sign up for credit monitoring services after a freeze is in place. Advice for how to file a freeze is available here on a state-by-state basis: http://consumersunion.org/research/security-freeze/
  • Check your credit reports via the free www.annualcreditreport.com 
  • Check your bank and credit card statements for any unauthorized activity
  • If you believe you may have been the victim of identity theft, here is a site where you can learn more about how to protect yourself: www.idtheftcenter.org. You can also call the center’s toll-free number (888-400-5530) for advice on how to resolve identify-theft issues. All of the center’s services are free.

And as always, Think Before You Click!

Android 8.0 Oreo, thoroughly reviewed

We take a 20,000 word deep-dive on Android’s “foundational” upgrades.

Android 8.0 Oreo is the 26th version of the world’s most popular operating system. This year, Google’s mobile-and-everything-else OS hit two billion monthly active users—and that’s just counting phones and tablets. What can all those users expect from the new version? In an interview with Ars earlier this year, Android’s VP of engineering Dave Burke said that the 8.0 release would be about “foundation and fundamentals.” His team was guided by a single question: “What are we doing to Android to make sure Android is in a great place in the next 5 to 10 years?”

Nabisco produced a limited run of Android-themed Oreos for the launch event.
Nabisco produced a limited run of Android-themed Oreos for the launch event.
Oreo

Take a closer look at Oreo and you really can see the focus on fundamentals. Google is revamping the notification system with a new layout, new controls, and a new color scheme. It’s taking responsibility for Android security with a Google-branded security solution. App background processing has been reined in, hopefully providing better battery life and more consistent performance. There’s even been some work done on Android’s perpetual update problem, with Project Treble allowing for easier update development and streaming updates allowing for easier installation by users. And, as with every release, more parts of Android get more modularized, with emojis and GPU driver updates now available without an OS update.Like its partnership with Nestle for Android 4.4 “KitKat,” Google is taking its alphabetical snack-themed codenames to the extreme with 8.0, and partnering with an actual snack company. This time Nabisco is sharing the “Oreo” brand with Google (We’ve yet to hear about any kind of monetary arrangement for this sort of thing). Google’s Eclipse-themed launch party was complete with custom Oreo cookies featuring an Android robot design and green filling.

Two billion users is a huge number, but with Android 8.0, Google shows that it still isn’t satisfied. A new initiative called “Android Go” targets the developing world, where cheap devices and limited access to data and power require taking a different look at how some parts of Android function.

Oreo will also serve as the base for three new Android form factors. It will be built into cars as “Android Automotive,” where Google works with car OEMs to integrate Android. Android 8.0 will also be the base OS for “Android Things,” an “Internet of things” (IoT) version of the OS designed to easily manage on embedded devices. Finally, Google’s virtual reality “Daydream” group will also launch a new form factor with Oreo—standalone VR headsets.

So, coming soon to your phone, your tablet, your watch, your TV, your car, your “things,” and your VR headset—it’s Android 8.0 Oreo. Let’s dive in.

Table of Contents

Listing image by Google

Project Treble—Finally, real progress on the fragmentation problem

While Android’s scale is impressive, the vast majority of Android users won’t get to use new versions of the OS quickly—or at all. Google’s own Pixel phones get updates immediately, third-party flagships get the update in six months to a year, and everyone else gets the update when they throw out their existing handset and buy a new one. Android’s biggest problem is easily the ecosystem’s inability to ship updates quickly and efficiently to every device.

Google’s past “solutions” to the Android update problem have involved little action and lots of talk. In 2011, it asked OEMs to do better and announced the “Android Update Alliance“—a group of Android OEMs that totally-pinky-sweared to ship updates quicker. After the big announcement, exactly nothing changed; the group was never mentioned again. In 2016 Google reportedly ranked OEMs by update speed and showed the list around the ecosystem in an attempt to “shame” OEMs into doing a better job. Little happened.

Asking OEMs nicely has not improved things, so in Android Oreo, Google is finally implementing a technical change to Android that should help with updates. The effort—called “Project Treble”—modularizes the Android OS away from the drivers and other hardware-specific code. As Android’s Head of Engineering, Dave Burke, put it in his interview with Ars, “Today, it just costs too much to do an upgrade of Android. The amount of work and dependencies are too high.” The goal with Treble is to make it easier, faster, and—most importantly for OEMs—cheaper to pump out an Android update.

Once Google releases an Android update, getting it running on a specific device usually involves three major steps. First, SoC vendors like Qualcomm or Samsung’s Exynos division take the update and modify the release for that specific piece of hardware. Then OEMs like Samsung and LG theme the OS, rebranding Android with new icons, colors, and layouts, often changing core parts of the OS to add extra features and functionality. Finally, carriers test the new release, certify it for their networks, and send it out to users. (If you buy an unlocked device, you can skip the “carrier” step and get your update directly from the OEM.) Each step creates not only a delay, but also the opportunity for a company to end update support, leaving users with an abandoned piece of hardware.

Project Treble will help with that first step: relying on SoC vendors to get the release running on specific SoC hardware. Project Treble introduces a “Vendor Interface”—a standardized interface that sits between the OS and the hardware.  As long as the SoC vendor plugs into the Vendor Interface and the OS plugs into the Vendor Interface, an upgrade to a new version of Android should “just work.” OEMs and carriers will still need to be involved in customizing the OS the rolling it out to users, but now the parties involved in an update can “parallelize” the work needed to get an update running—SoC code is no longer the “first” step that everyone else needs to wait on.

Google has a new set of tests, called the Vendor Test Suite (VTS), which ensures the Vendor Interface on a device is properly implemented and future proof. This is a hardware-focused analog to the Compatibility Test Suite (CTS), which ensures the Android app APIs are properly implemented on a device.

HAL versioning and deprecation

On the Android Developer’s Backstage Podcast (which is more-or-less Google’s “official” Android podcast) Iliyan Malchev, the head of Project Treble, dished out a good amount of detail about his pet project, saying “We haven’t been very formal about defining the boundary between the top [AOSP] and the bottom [Silicon Vendor] pieces of the OS.” With Treble, Malchev said that Google is “defining a set of interfaces, formally, in a structured and versioned manner, and committing to maintaining them.”

Treble isn’t just a single interface. HALs are broken down into “major subsystems” like the camera, audio, location, Wi-Fi, telephony, and other components. Malchev revealed there are “about 60” of these HALs in Oreo, with more to come in future releases. To allow for each subsystem to grow and evolve over time, each one gets a major and minor version number, and each release of Android will support a range of versions for each subsystem. For device types Google doesn’t officially support, there’s a “Vendor NDK” that allows vendors to make their own custom modular HALs.

The versioned subsystems mean that future device support will be partially dependant on Google and what subsystem versions it chooses to support or deprecate with each Android release. If your phone SoC only supports “Camera HAL version 1.3” and “Android 9.0” requires Camera HAL v1.4 and up, you’ll need to have your camera HAL upgraded before Android 9.0 will fully work on your device.

To help make HAL deprecation decisions like this, Google will have some sort of database containing all the HAL information for all the Treble Android devices out there. As Malchev put it on the podcast, “We will have a way to know, for every given device, exactly which HAL interface it implements at which version, and we’re going to have a way to look at the universe and see ‘Ok, what will happen if we drop support for this old version of this interface? How many devices will not be eligible to get a new upgrade?’ We’ll be able to make a data-driven decision for this sort of thing, and that’s great because previously we didn’t have that kind of data.”

Working with SoC vendors

Treble is about making lives easier for the thousands of Android OEMs out there, but nearly all the work was done with the SoC vendor community. “There are ten [silicon vendors] in the world or so.” Malchev said on the ADB Podcast, “Companies like Qualcomm, Mediatek, LSI, Spreadtrum, Intel. It is these companies that manufacture systems on a chip that underpin the actual Android devices. The fanout from these few companies to the thousands upon thousands of phones and tablets out there is massive… By working directly with these companies, we essentially solve the problem to a very, very large degree at the source, prior to that fanout.”

SoC vendors represent a much more focused group than working with OEMs. “We cannot possibly got to the hundreds upon hundreds of OEMs and say, ‘Hey, we’re doing this, can you change those things?'” Malchev explained. “We instead go to the silicon vendors of the world and work with them, so that, as the fanout happens, everyone benefits from the work we do.”

Malchev said that getting SoC vendors on board with Project Treble “took as much time as the engineering work” The work started in late 2015, and today, as part of Treble, Google has a dedicated SoC vendor outreach team. Malchev said that Google now has “teams in Taiwan, Seoul, San Diego dedicated to working with our major partners, with the silicon vendors in their own time zone and in their own back yard.” Malchev did not specify which silicon vendors Google had embedded teams with, but a quick comparison of SoC company headquarters against that list suggests that Google is in Taiwan for MediaTek, Seoul for Samsung, San Diego for Qualcomm.

A ROM revolution

Android 8.0 with Project Treble cleanly splits the partitions up by company. Typically Google is the Android platform vendor, Qualcomm is the SoC Vendor, and a company like Samsung is the OEM/ODM.
Enlarge / Android 8.0 with Project Treble cleanly splits the partitions up by company. Typically Google is the Android platform vendor, Qualcomm is the SoC Vendor, and a company like Samsung is the OEM/ODM.

While Treble is focused on official Android OEMs and making their lives easier when it comes to updates, as a side effect, Project Treble should be revolutionary for aftermarket Android ROM projects like Lineage OS (formerly CyanogenMod) and individual developers on places like the XDA Developers Forum. These groups take code from Google’s open source Android repository and make Android-based OSes themselves, usually offering upgrades to abandoned devices or conversions from skinned Android to a more stock look.

In the past, the bane of third-party ROM developers has been that AOSP has never been a complete, bootable software package for real life hardware. You’ve never been able to compile AOSP, slap it on a device, and have it work—you need all sorts of “binary blobs” from chip vendors to make things work. Usually, the ROM developers end up compiling AOSP and combining it with the official software, resulting in a janky mix of new AOSP code and old proprietary bits. Because Android never had a standardized interface between the hardware and software, updates would break all sorts of things, leading to issues with the camera, networking, and other components, or general performance problems.

Treble promises to change everything. Malchev says that Treble standardizes Android hardware support to such a degree that generic Android builds compiled from AOSP can boot and run on every Treble device. In fact, these “raw AOSP” builds are what will be used for some of the CTS testing Google requires all Android OEMs to pass in order to license the Google apps—it’s not just that they should work, they are required to work.

Treble’s modularity is enforced in Android’s partition layout too. AOSP code lives in the “System,” “Recovery,” and “Boot” partitions. The SoC vendor (usually Qualcomm) gets the “Vendor” and “Radio” partitions. The ODM/OEM (Samsung, LG, HTC, etc) gets the “Bootloader,” “ODM,” and “OEM” partitions for their code. These partitions have all existed before as options, but now things like a dedicated Vendor partition are mandatory for 8.0. Google’s documentationspells out the implications of this, saying “it ​should ​be ​possible ​to upgrade ​a ​device system.img ​from ​Android ​8.0 ​to ​Android ​P ​while ​other ​images ​(such ​as vendor.img, odm.img, ​etc.) ​remain ​at ​Android ​8.0. ​This ​modularity ​enables ​timely Android ​platform ​upgrades ​(such ​as monthly ​security ​updates) ​without ​requiring ​SoC/ODM partners ​to ​update ​SoC- ​and ​device-specific ​code.” It the ROM world, it means you should be able to flash a new system partition built from AOSP, while leaving everything else alone, and have a working system.

We’ll have to see how things exactly work in practice, but I’m expecting the ROM community to explode in popularity once Treble devices become more widespread. Custom ROMs shouldn’t need to be painstakingly hand-crafted for individual devices anymore—a single build should be able to cover multiple Treble devices from multiple manufacturers. Imagine the next time a major new version of Android is released—on Day One of the AOSP code drop, a single build (or a small handful of builds) could cover every Treble device with an unlocked bootloader, with a “download Android 9.0 here” link on XDA or some other technical website.

Users should also have more control over their devices, like being able to buy a skinned Android phone and immediately apply a fully-functional AOSP build, stripping away bloat and most of the annoying “customizations” that OEMs make. You can sort of do this today, but, again, the lack of a standard interface and needing to include binary blobs from the SoC vendor makes this a very iffy proposition. The standardization of Treble should ensure that everything will work.

Being able to compile AOSP, slap it on a device, and have it work will be a boon to home tinkerers, and on the official retail build side of things, could help to prolong the life of Android devices. If security is your goal, though, there’s still a need for involvement for the SoC vendors. There will inevitably be bugs and security flaws in the vendor code, and since that code doesn’t live in AOSP, vendor support will be required to fix those.

All of this ROM stuff depends on buying a phone with an unlocked bootloader, which lets users tinker with the software. Usually this just means buying an “unlocked” phone directly from an OEM, rather than a carrier.

Isolating the media stack

For camera, audio, and DRM, HALs now separate the "Stagefright" media framework from the kernel.
Enlarge / For camera, audio, and DRM, HALs now separate the “Stagefright” media framework from the kernel.

Another benefit of Project Treble: security! The separation of vendor code from the OS means the vendor code can run in a separate process. This also helps harden the media stack in Oreo. The media framework is a particularly important area after 2015’s “Stagefright” vulnerability, which exploited Android’s media player engine (which is actually called “Stagefright”) to remotely execute code.

On a Treble-enabled phone, the audio, camera, and DRM parts of the media stack have also been isolated in separate processes and sandboxes. Each part gets a new hardware abstraction layer (HAL) between the framework and kernel, too, so it should now be harder for a framework exploit in these areas to access the kernel.

Android’s biggest re-architecture, ever

Project Treble will make Android work more like the PC market, where a single version of an OS can run on multiple devices. It’s been obvious that Android needed to make a change like this for some time, but Treble was a massive project and counts for a lot of what makes Android 8.0 a full “1.0” update.

As Burke puts it, Treble “used up a huge amount of the engineering budget [for Android 8.0]. It was a lot of work and super deep surgery across every single interface of Android.” At the I/O Android Fireside Chat, Burke called Treble “probably the biggest re-architecture of Android since it started.” On the ADB Podcast, Romain Guy, Android’s Graphics lead and an Android engineer for the last 10 years, said “I don’t think there’s ever been something remotely even close to the complexity of Treble in terms of infrastructure change to the platform.” Malchev revealed Treble involved “upwards of 300 developers within Android engineering itself contributing to this, across 30 teams.”

As far as device support for Treble, the feature is a requirement for any new device that ships with Android 8.0. For upgrading devices, Treble is optional. So far the one and only upgrading device we know about is the Google Pixel, but Malchev said that “We are working with some companies to upgrade their flagship devices to O while Trebilizing them fully.”

Google Chrome makes it easy to mute annoying auto-play audio

The feature is now available on Chrome’s developer version: Chrome Canary.

google-chrome-mute
Google is making it easier to silence that annoying auto-play audio from a website for good.Google

Sometimes the best advances are the simplest. Google Chrome is testing a feature to make it easier than ever to mute audio from websites. The new feature is available in Google Chrome Canary, a version of Chrome aimed at developers and early adopters.

Google Chrome team member François Beaufort shared the news Friday in a post on Google Plus. He wrote that his team is testing a setting to mute/unmute a website with the Page Info bubble — the area just to the left of the web address field.

“This will give you more control about which website is allowed to throw sound at you automatically,” wrote Beaufort.

Muting website audio is nothing new; in fact you can currently do it in Chrome just by right-clicking on the the tab of the website. The new setting being tested seems to make your choice more permanent.

Android Oreo superpowers, coming to a device near you.

From Sameer Samat, V

Today, Google is officially introducing Android 8.0 Oreo, the latest release of the platform–and it’s smarter, faster and more powerful than ever. It comes with new features like picture-in-picture and Autofill to help you navigate tasks seamlessly. Plus, it’s got stronger security protections and speed improvements that keep you safe and moving at lightspeed. When you’re on your next adventure, Android Oreo is the superhero to have by your side (or in your pocket!).

Android Oreo, to the rescue!

Ever try checking your schedule while staying on a video call?  Android Oreo makes it easy with picture-in-picture, letting you see two apps at once: it’s like having the power to be in two places at the same time! Overwhelmed by notifications, but missing the ones you care about the most? With Android Oreo, notification dots let you tap to see what’s new in your apps — like the important ones you put on your homescreen — and then take action on those notifications quickly.

Android-Oreo-Transformation.gif
Android Oreo

Evildoers trying to get bad software onto your device? Android Oreo is more secure with Google Play Protect built in, security status front and center in settings, and tighter app install controls.

Battery depleted and still galaxies away from a charger? Been there, too. Android Oreo helps minimize unintentional overuse of battery from apps in the background;  these limits keep your battery going longer.

Supersonic speed

When you’re on the go, speed is perhaps the most important superpower. With Android Oreo, you can get started on tasks more quickly than ever with a faster boot speed (up to twice as fast on Pixel, in fact). Once you’re powered up, Autofillon Android Oreo remembers things like logins (with your permission) to quickly get you into your favorite apps. Plus, support for Android Instant Apps means you can teleport directly into new apps, no installation needed.

League of extraordinary emojis

Even superheroes don’t go it alone. Android Oreo brings along a team of fully-redesigned emojis, including new emoji to help save the day like:

androidEmoji_sample_850px.png

Coming to a device near you

We’re pushing the sources to Android Open Source Project (AOSP) for everyone to access today. Pixel and Nexus 5X/6P builds have entered carrier testing, and we expect to start rolling out in phases soon, alongside Pixel C and Nexus Player. We’ve also been working closely with our partners, and by the end of this year, hardware makers including Essential, General Mobile, HMD Global Home of Nokia Phones, Huawei, HTC, Kyocera, LG, Motorola, Samsung, Sharp and Sony are scheduled to launch or upgrade devices to Android 8.0 Oreo. Any devices enrolled in the Android Beta Program will also receive this final version. You can learn more at android.com/oreo.

How to prevent your Google Home or Amazon Echo from making unwanted online purchases

Did you hear about the kindergartner who “accidentally” ordered an expensive dollhouse with a voice command? We’ll show you how to lock down your smart speaker so that never happens to you.

By   Contributor, TechHive

There’s no denying that Google Home and Amazon Echo (or the less-expensive Echo Dot, if you’re not using it for music) have changed the way we interact with our homes. Turning on the lights has never been easier, nor has it been simpler to field the latest traffic report or order delivery for dinner. The future is here, and we’re reveling in it!

But the proliferation of these devices around our homes leaves room for error. Google’s and Amazon’s connected speakers must always listen for us to utter their magic “wake” words—OK Google or Alexa respectively—in order to perform their tasks. If you don’t configure them properly, you might see random purchases show up at your door.

It happened in San Diego when a little girl asked Alexa to deliver her a “dollhouse and some cookies.” She knew the right words to say, and in a few days’ time, she had her goodies. (If you want to have some fun, watch this news clip near your Alexa-powered device and watch it light up.)

If you’re worried about family members, roommates, or pranksters making unwanted purchases on your account, you can either disable this feature altogether, or set up your Google Home or Amazon Echo so that it buys things only after you’ve specifically authorized the purchase. Here’s how.

How to disable purchasing with Google Home

google home

Florence Ion

Google Home doesn’t have the retail power of Amazon behind it, but you can order merchandise from such major sources as Costco, Target, and Toys ‘R Us.

Google Home isn’t tied to one of the world’s largest online retailers, so you might think there’s less of a risk of unintended purchases. But it does provide voice-payment capabilities for Google Express, which allows you to purchase products from participating retailers such as Costco, Target, and Toys ‘R Us.

google payments

Google

If you decide you don’t want to do voice payments with Google Home, just flip the blue switch.

The payments setting is disabled by default in the Google Home app. If you’d enabled it previously and have since changed your mind, it’s easy to turn off. Just log into the Home app on your Android or iOS device, tap the hamburger menu, and choose “More settings.” Tap “Payments” on the next screen. Delete everything you see there. It’s the easiest way to ensure no one in your household can run rampant with your payment information on file. Alternatively, you can simply tick the “Pay through your Assistant” option so that it’s off and unselected.

How to enable purchases on Google Home

If you want to start—or restart—making payments with voice commands, open the Google Home app, tap the menu button, and then tap on Payments. Here you can set up a delivery address and a primary payment method. Google will automatically pull in any payment data previously associated with your account (and prompt you to update any expired or out-of-date cards). The app will ll also ask if you want to grant access to any Google Home devices you have set up in your home.

Once you’ve set that up, you can order things through Google Home by saying phrases such as “OK Google, order paper towels.” Google Home will list options for relevant items and their accompanying prices. Then, you can accept the order to place it officially.

You can even ask, “OK Google, how do I shop?” for a helpful walkthrough of the process. For other services, such as Domino’s pizza delivery, the payment information is set up separately through that company’s Easy Order, which fires up the oven right after you place your order. (This works with the Echo as well.)

google home payments

Florence Ion

You can enable and disable ordering on Google Home via the Home app.

Disabling purchasing on the Amazon Echo, Dot, Tap, and Show

Amazon’s smart speakers are quickly becoming smart-home workhorses, but they could also be considered Trojan horses aimed at capturing more and more of your shopping dollars.Here’s how to disable—and then re-enable—purchasing power with an Amazon Echo, Dot, Tap, or Show.

If you’ve previously enabled payments any of your Amazon Echos and want to now disable it, just launch the Alexa app on your smartphone or tablet. If you have more than one device in the Echo family, you’ll need scroll past all of them—and past the blue “Set up a new device” button—until you reach the “Voice Purchasing” button. Click on the radio button to disable this feature. You’re done.

amazon echo dot

Florence Ion

The process for enabling and disabling voice purchases is the same whether you have an Echo Dot (shown here), the original Echo, and Echo Tap, or the new Echo Show.

How to enable purchases via the Amazon Echo

Under Settings, scroll down to “Voice Purchasing.” Tap to enable “Purchase by voice.” It’s a good idea to set up a confirmation code at this point. It willl ensure no one can order things without your permission unless they know the code. Below that, you can select to manage your 1-Click payment settings, which selects which of your bank cards to use when the purchasing happens.

When you’re ready to buy something, you can ask Alexa to order anything from Amazon—physical as well as digital goods. If you’re listening to a song, for example, you can ask Amazon to purchase the MP3 with your payment information on file. Or if you’re in need of toilet paper, you can ask Alexa to send it over with two-day shipping.

If you’re stuck, or maybe a little shy, ask Alexa how to shop and it’ll walk you through what it can do.

amazon voice purchasing

Florence Ion

Amazon gives you the option of adding a confirmation code that must be spoken for an order to be placed.

When in doubt, mute it

If all else fails and your neighboring dwellers are still managing to make errant purchases, you can either unplug the device or mute it. The latter is particularly effective if you have children coming over who find it amusing to summon virtual assistants.

Then again, who doesn’t? It’s why we use our voices to buy things, after all, simply because we can.

The tougher Galaxy S8 Active is here with a bigger battery and a shatterproof display

Peace of mind and battery.

By   Staff Writer, PCWorld

 

If there’s one criticism of the Galaxy S8 (aside from the terrible placement of the fingerprint sensor), it’s that it’s a little too fragile. So if you’ve held off on buying because you’re afraid of breaking it, the Galaxy S8 Active is here to quell your fears.

The Galaxy S8 Active is essentially same phone as the Galaxy S8—5.8-inch Super AMOLED display, Snapdragon 835 chip, and a 12MP camera—but it’s outfitted to withstand a beating. Unlike the regular S8’s all-glass body, the S8 Active is constructed using “military-grade materials” and housed in a metal frame with four bumpers built to protect against “shock, abrasion, tilting or twisting.” Additionally, the screen has a shatter-resistant layer and the back of the phone now has a “rugged, tough texture” to make it less prone to slips and falls.

All that durability adds a bit of bulk to the device, measuring 151.9×74.9×9.9 mm vs 148.9×68.1×8 mm for the plain S8. At 208 grams, the new phone is a bit heavier than the 155-gram S8 as well. But you’re also getting a far bigger battery. The Galaxy S8 has a 3,000mAh battery, but the S8 Active has a massive 4,000mAh one, which should allow it to last well into a second day. And you can still charge it wirelessly.

The Galaxy S8 Active ships with full Bixby support (including Bixby Voice, which was missing on the Galaxy S8 until recently), and adds a new shortcut menu to quickly access the stopwatch, barometer, compass, and flashlight.

Samsung is selling the 64GB Galaxy S8 Active for $850 ($100 more than the Galaxy S8) in two colors, gray and gold. It is available for preorder at AT&Tfor shipment on Aug. 11. Samsung says the device will be exclusive to the carrier for a limited time.

Why this matters: Samsung has been making “active” variants of its Galaxy flagship phones ever since the S4, and they definitely live up to their name. They’re perfect for people who want a premium smartphone experience without babying their phone (or shoving it into a giant case. But like the other Galaxy S Active phones, we’re most interested in that battery. We’ll gladly sacrifice a millimeter of thickness of it means getting such a massive battery in the S9, but we’re not holding our breath, especially since the S7 Active had a 4,000mAh battery too.

La Casa Del Mar Guesthouse has a new website

We’re proud to announce the launch of the new website for La Casa Del Mar Guesthouse at Fort Lauderdale Beach.

la-casa-del-mar-guesthouse-fort-lauderdale-beach

The pool at La Casa Del Mar Guesthouse at Fort Lauderdale Beach

La Casa Del Mar Guesthouse is a quiet little resort tucked away just steps from Fort Lauderdale Beach.  There’s also a rooftop lounge.  Please visit the site and consider  La Casa Del Mar Guesthouse for your next stay in Fort Lauderdale.

Telemarketers Just Got Harder to Stop

New technology allows users to leave voicemail without phone ever ringing

Telemarketer Voicemails

ERIK KHALITOV/GETTY IMAGES

Developers of the backdoor voicemail argue that the “do not call list” does not apply

We have all received them, on our home phone or cellphone — a telemarketer trying to sell us a product or service. Some of us simply ignore the call, others answer and quickly hang up, while some do listen to the telemarketer’s message. Soon, however, we might not have any of those options; telemarketers have a direct way into our voicemail.

Ringless voicemail is a new technology that allows users to leave you a voicemail through a back door, without the phone ever ringing. There is growing concern that this capability can allow telemarketers to flood your voicemail, causing you to miss important messages.

The technology has been successfully used for hospitals, schools and churches, and developer Josh Justice, CEO of Stratics, says he believes it can be a success in other ways. Justice told NBC News: “Ringless voicemail drops are a non-nuisance form of messaging and are an alternative to robocalls. It really does put the power in that consumer’s hand where they can essentially listen to the message or not listen to the message.”

There are consumer protection laws that restrict some telemarketing, but it’s unclear if ringless voicemail falls under the restrictions. The providers of the technology and business groups contend that since the phone doesn’t ring, it’s not a call — and therefore exempt from the current laws, the New York Times reported.

A provider of the service has already filed a petition with the Federal Communications Commission to officially allow it. The commission has been accepting public comments on the issue, but hasn’t given a timetable of when it would make a decision.

Politicians are divided on the issue, as it could also restrict their use of the service for campaign purposes.

As of now there is no way to block the unwanted voicemails. Phones don’t yet have a spam feature comparable to those on emails, and developers of the backdoor voicemail argue that the “do not call list” does not apply. You can comment on the petition, or contact the FCC to file a complaint.

What Google’s New SEO Algorithm Means to Your Website.

Google’s New SEO Algorithm Looks for This When Ranking Sites

The rules of SEO are constantly evolving.

Search engines like Google update their algorithms so frequently, and it can be dizzying to know how to get your site ranked the way you want. One thing is clear, however: keywords just aren’t enough to get you the traffic you want.

So what will give you results when it comes to SEO? According to Google’s latest algorithm, Hummingbird, you need to build sitewide trust.

Trust is the core component of Google’s relevancy-oriented search, and without it, you won’t be relevant.

Building real trust with Google isn’t easy. The smarter the system gets, the harder it can be to rank. But don’t worry just yet. There are things you can do to ensure that your site still ranks the way you want it to.

Why Google’s SEO Algorithms Matter

Google’s algorithm rules aren’t arbitrary: they have a purpose. Before you can improve your SEO ranking, you have to understand the ultimate motivation.

Google’s main goal is to deliver the most relevant search results as fast as possible.

They use deep neural networks of data to create a system that can think like the human brain, or attempt to, anyway. This approach is called “deep learning” and it’s used all across the Internet to improve user experience.

It’s ultimately an effort to help computers process information the same way humans do.

So when you search for “best website design ideas,” you get results based not only on your query, but on your search history, what other people are searching for, and what sites have content that closely resembles what the engine thinks you mean.

The smarter that the algorithms get – the more humanlike – the harder it is to “game” the system. Plugging your site with random keywords doesn’t work anymore, because Google can see through your attempt to keyword stuff.

Instead, you have to get Google to trust you. How do you do this?

In a book entitled SEO 2017: Master Search Engine OptimizationR.L. Adamslays the groundwork: You build trust with age, authority and content.

Building Trust with Age

You may think that using age as a ranking factor puts newer sites at a disadvantage, but know that with Google, age is more than a number.

Google relies on its relationship with your site over time to judge whether or not you’re trustworthy enough to list on the first few pages. Time is still a factor – the longer it knows you exist, the more likely you will be to rank – but if it sees that you produce value for visitors over time (you have heavy traffic, your site gets linked to, you produce frequent content, etc.), your relationship will improve.

For sites that have been around longer, this gives you an automatic boost to your rankings, which may come as a relief. For newer sites, or those that post less frequently, you will still have to build up your reputation over time.

Keep in mind that age doesn’t necessarily mean when you launched your site, though. Age refers to the indexed age, meaning when Google actually discovered you first. So if you had a site for a while but haven’t done anything with it until now, you will still be a baby in Google’s eyes.

Building Trust with Authority

If you don’t have age in your favor, you can also boost your ranking with authority.

In the past, you would build authority through your Google PageRank. The higher on the scale of 1-10 your site sat, the more trusted it would be. If you could link to more established (higher ranking) sites, you could boost your own score.

While Google still uses PageRank as a factor in SEO, they no longer gives public access to PageRank ratings, making it impossible to know how you actually fare. Instead, Google uses Domain Authority to determine the trustworthiness of your site.

Domain Authority is a score (100 points) developed by Moz that predicts how well a website will rank on search engine result pages (SERP). While it’s not a direct replacement for PageRank, it does allow you to see where your site sits in the rankings.

What makes Domain Authority helpful is that it gives you a way to measure the strength of your links. You can see exactly which sites are giving you the best boosts and which links are altogether worthless for your ranking power.

A few ways to improve your Domain Authority include:

  • Optimizing your internal links – Making sure links go to relevant content, use natural anchors that make sense to users, are linked to the right keywords, etc.
  • Creating more link-worthy content – Avoiding keyword stuffing, but creating content that does link out to other sites
  • Pursuing higher quality links – Linking to trustworthy (older, more established) sources, putting your site in a directory like Google My Business, Yelp, TripAdvisor and the Better Business Bureau, etc.
  • Running link audits – Eliminating broken or bad links as often as possible

The better links you have (the better your link profile is), the better your Domain Authority will be.

Building Trust with Content

The other thing that Google looks for when building trust is fresh, quality content.

When you publish quality content on a regular basis, you give Google more opportunities to index your site for links as well as for targeted keywords (yes, keywords still matter).

Frequently adding content, like blogs or articles, allows you to optimize the article with pertinent keywords that can attract visitors to your site, and provides you additional ways to link to authoritative sources and higher ranking sites.

The trick is that your content has to deliver genuine value. In the past, Google’s algorithms would look at the number and frequency of keywords being used throughout the content on your site to determine relevancy.

But the trouble with this is that Google’s new algorithms actually punish keyword stuffing. Instead, the algorithm looks for specific keywords or keyphrases (even “natural language” search phrases and questions) that fall into the content naturally.

In other words, the keywords have to make sense in context – and yes, Google can tell.

This means that for content to help you build your credibility, it has to:

  • Be popular enough to attract traffic
  • Include relevant keywords naturally
  • Provide enough value that users share and save it
  • Include meta tags, title tags and descriptions
  • Be published frequently

The good news is that you can publish as much content as you want, as long as it’s high-quality. This can be one of the best strategies for newer sites looking to rank higher in SERPs, since Google will still build a relationship with your content even if you haven’t been around for long enough to have age or link authority.

Final Thoughts

If you want to create a site that ranks under Google’s new SEO algorithm, you have to focus on building a relationship with Google and steer clear of smarmy tactics like keyword stuffing or over-linking.

Thanks to Artificial Intelligence, Google thinks and acts more like a human when it processes your site, meaning that, in a way, it’s judging what you have out there.

In order to make sure it trusts your content, you want to produce content that offers value for searchers, build natural links and relationships with other high-ranking sites, and stick around long enough for Google to see you.

Ask us what we can do to help.  It’s easier than you think.

Why you should still include ‘Sent from my iPhone’ in your mobile signature

Those four little words reveal more than you think

The blog of researcher, writer and speaker Rob Ashton

While conducting some research recently, I discovered a question in a web forum that got me thinking. In a nutshell, the question was: should you include ‘Sent from my iPhone [or Android phone etc.]’ at the foot of an email if you’re composing it on a mobile device?

I confess that, until a few weeks ago, I’d assumed such questions were now redundant. Smartphones and tablets are hardly new. Surely by now we’re all over the ‘Look at me with the latest piece of tech wizardry’ thing, aren’t we?

In fact, couldn’t such a line in an email signature even backfire? After all, it’s a simple enough task to customise it or even remove it altogether. Leaving it in would therefore suggest that you were actually a little, well, technologically challenged.

But then the offending line reappeared in my own iPhone signature, after a software update. Mildly irritated, I resolved to customise it as soon as I had a couple of minutes.

Two weeks later, I still hadn’t updated it. By then though, I was beginning to wonder if there might actually be an advantage to leaving it there.

After all, surely letting people know that I was emailing on the hoof would buy me some leeway when it came to the odd typo or malapropism (at least ‘for all intensive purposes’, if not ‘kind retards’).

It’s not just me – or you

Intrigued, I started doing a little digging and soon found I was not alone, which is how I discovered the forum question.

At the time of reading, the question had attracted 35 responses. A little more rooting around revealed a Guardian article on the same subject that was followed by no fewer than 590 comments. Clearly, it wasn’t just me who was unsure – nor the person who posted the original forum query.

The response reflected a range of views similar to how my own had changed over time. Some people were adamant that you should remove that line altogether, if only to show that you were not a Luddite and incapable of using anything other than default settings.

One person even argued that email signatures don’t matter at all; in fact, they were a distraction from the message and best left off. I would certainly argue strongly against that advice. At the very least, a signature should contain a phone number unless you specifically don’t want your correspondent(s) to know it. I’ve often cursed the lack of this information in an email when I needed to contact someone urgently – say, to explain that I was running late or even to place some business. (This has resulted in potential suppliers losing sales on more than one occasion.)

But opinion generally seemed divided between those who thought the line irrelevant and those who thought it important in setting context and therefore how much detail you should expect.

Clearly there was still some confusion, so I went in search of a better answer. I wondered if there had even been any definitive research on the topic.

The science of sizing people up

There had – and the results were pretty intriguing.

The short answer to the question of whether you should write ‘Sent from my iPhone’ is: yes, you should. Or, at least, you should indicate that you’re sending the message from some sort of mobile device.

But the reason why is longer. Not only that, but it’s the key that unlocks a fascinating area of communication science. Knowledge of that science can enable you to improve everything from a response to a customer-support request to a bid for a contract worth many millions.

The research area is called uncertainty reduction theory  (URT). It’s far from a new idea: it was first formulated by social scientists back in 1975. Yet, unless you’re an academic yourself, I doubt you will have heard of it. Certainly, I’ve yet to find it in any book on communication aimed at business or the general public. (I’m working on a fix for that.)

The central idea of URT states that our primary aim in any initial interaction with people is to reduce uncertainty about them. In other words, we want to check that they are what (or who) they say they are, that they have our best interests at heart or that they really will help us having said they would.

This is such an established idea among academics that dozens of them have expanded on or qualified it (for example, to apply it beyond just initial interactions). But the core concept remains firm.

If you think that’s a cynical view of human interaction and that we should have more faith in humanity, bear in mind that you probably carry out this checking process all the time. It’s just that the mechanisms are so ingrained that you may do it very quickly and even subconsciously.

Our main way to reduce uncertainty is through communication, so we have more than one in-built way to work out what’s true and what isn’t whenever someone is sending us a message – be that in writing or verbally.

Communication reduces uncertainty

We’re primed to look for clues – or cues – either that all is well and we can continue with the interaction or that we need to be sceptical and proceed with caution.

Often we send out these cues unintentionally. Many of them we can’t even control very easily, and people we communicate with use those cues. Humans are hard-wired to place a high value on them, according to an area of research allied to URT called warranting theory, which calls these most valuable signals ‘high-warrant’ cues.

Those signals that we can easily manipulate (such as our words) are called low-warrant cues. And we use high-warrant cues to decide how much notice we should take of low-warrant ones.

By now, you’re probably beginning to realise that this is a pretty big deal. After all, if we’re all programmed to look out for signals that those around us have little control over, it could explain why communication so often fails.

Taking control of communication

Note though that high-warrant cues are those we can’t control very easily. That doesn’t mean we can never control them. Some are just things that we think don’t matter much and so don’t pay much attention to.

And that means that, if we work out what those high-warrant yet controllable cues are, we’ll be able to tweak them and begin to (perhaps radically) improve the success rate of our communications.

All of which leads us back (at last) to ‘Sent from my iPhone’. Because, although that’s something that most of us now know how to edit or switch off, that’s not always been the case.

In 2012, two researchers, Caleb Carr and Chad Stefaniak, decided to test the effect of including this phrase in an email signature. It was five years after the first iPhones were introduced, and this signature line was still very common in messages. The reason it was still common was that many people didn’t know how to change it – in other words, it was a high-warrant cue.

Riddled with errors

In their study, they particularly wanted to test how that cue in an email affected perception of its sender and its sender’s organisation. To do so, they recruited a group of 111 people and showed them one of four forms of the same, basic message. The four versions contained a combination of either multiple errors or no errors and a ‘Sent from my iPhone’ signature or just the sender’s name and organisation.

Now, many of the errors were far from subtle. When I read the original paper, I spotted no fewer than 12 mistakes in the uncorrected example used. They included incorrect capitalising in the name of the sender’s employer, numerous missed apostrophes and sentences that ended with no full stop. The researchers clearly didn’t want to risk participants failing to pick up on these cues.

The message purported to be from an HR director. And participants were asked to rate the sender’s credibility as well as their competence and the prestige of the sender’s employer.

The results? Not surprisingly, the errors had a damaging effect in all three of these areas. But, despite the number of mistakes, the presence of ‘Sent from my iPhone’ significantly reduced that damage.

Smart move to get readers on side

The results do at least prove that, if you indicate you’re sending a message from your smartphone, your reader will generally forgive the odd mistake.

And this stuff matters. Almost nine out of ten smartphone owners (88 per cent) use their phones to send or receive email, according to a survey by the Pew Research Center. This makes email one of the smartphone’s most popular features. Unlike with text messaging, however, the medium used to compose an email is not obvious unless you make it so. And while we forgive typos in a text, we’re less lenient with emails.

But the implications of this and similar studies go way beyond showing that it’s a good idea to indicate that you are emailing from a mobile device. Because they show that the unintentional cues we send out when we write or speak have a huge impact on how our audience perceives what we’re trying to say.

In communication, first and foremost, it’s the little things that count.

Positive SSL